twzrd-receipt-verifier 1.0.6 → 1.0.7

package/README.md

@@ -1,7 +1,7 @@
 # TWZRD Receipt Verifier (standalone)
 
-Verify a **signed TWZRD trust receipt** offline, trusting **nothing from TWZRD's
-servers or codebase** - only the receipt, TWZRD's published public key, and two
+Verify a TWZRD **AO-Receipt V5** offline, trusting **nothing from TWZRD's servers
+or codebase** - only the receipt, TWZRD's published public key, and two
 widely-audited crypto libraries.
 
 A TWZRD trust receipt has two layers:
@@ -32,16 +32,6 @@ npx twzrd-receipt-verifier receipt.json --pubkey 9V6Pn19kiUA5Rn6JpQfNduanvGt2aXG
 npx twzrd-receipt-verifier receipt.json --pubkey 9V6Pn19kiUA5Rn6JpQfNduanvGt2aXGwsarosNfa2Ldf --max-age 60
 ```
 
-## Ingest the corpus
-
-The receipts this tool verifies are issued from the only live cross-facilitator x402
-payer corpus on Solana. Pull the scored signal population as a feed (no auth, paginated):
-
-    curl -s 'https://intel.twzrd.xyz/v1/intel/corpus_feed?limit=5' | jq .
-
-Browser demo: https://twzrd.xyz/demo/ingest/ · schema: https://intel.twzrd.xyz/docs ·
-ingestion pilots: https://twzrd.xyz/grants (email privacy@twzrd.xyz).
-
 ## The published signing key
 
 | field | value |
@@ -60,8 +50,8 @@ Also published, machine-readable, at:
 
 ## Get a receipt to verify
 
-Any signed TWZRD trust receipt works. To mint a fresh one, pay the trust endpoint
-(x402, 0.05 USDC on Solana mainnet) - e.g. via AgentCash:
+Any TWZRD V5 receipt works. To mint a fresh one, pay the trust endpoint (x402,
+0.05 USDC on Solana mainnet) - e.g. via AgentCash:
 
 ```bash
 npx agentcash@latest fetch https://intel.twzrd.xyz/v1/intel/trust/<PUBKEY> > resp.json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "twzrd-receipt-verifier",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Standalone offline verifier for TWZRD AO-Receipt V5 (Ed25519-signed keccak256 leaf). No trust in TWZRD servers or code.",
   "keywords": [
     "twzrd",
@@ -33,8 +33,7 @@
     "LICENSE"
   ],
   "scripts": {
-    "verify": "node verify_twzrd_receipt.js",
-    "test": "node --test test/*.test.js"
+    "verify": "node verify_twzrd_receipt.js"
   },
   "engines": {
     "node": ">=16"

package/verify_twzrd_receipt.js

@@ -37,6 +37,29 @@ function b58decode(s) { return Buffer.from(bs58.decode(s)); }
 
 function u16le(n) { const b = Buffer.alloc(2); b.writeUInt16LE(n & 0xffff, 0); return b; }
 function u64le(n) { const b = Buffer.alloc(8); b.writeBigUInt64LE(BigInt(n), 0); return b; }
+function i64le(n) { const b = Buffer.alloc(8); b.writeBigInt64LE(BigInt(n), 0); return b; }
+
+// V6 reputation block: 1-byte presence flag (0x00 null / 0x01 present) + fixed-width
+// value when present. reputation_score is i64 LE (null-vs-0 safe); version/quality
+// are u16-len-prefixed UTF-8; feature_window is u64 LE. "" is present (distinct from
+// null). Mirrors the issuer's RECEIPT_V6_LEAF_SPEC.md byte layout exactly.
+function encodeReputationBlockV6(pre) {
+  const optInt = (v, enc) => (v === null || v === undefined)
+    ? Buffer.from([0x00])
+    : Buffer.concat([Buffer.from([0x01]), enc(v)]);
+  const optStr = (v) => {
+    if (v === null || v === undefined) return Buffer.from([0x00]);
+    const raw = Buffer.from(String(v), 'utf8');
+    return Buffer.concat([Buffer.from([0x01]), u16le(raw.length), raw]);
+  };
+  return Buffer.concat([
+    optInt(pre.reputation_score, i64le),
+    optInt(pre.reputation_confidence_bps, u16le),
+    optStr(pre.reputation_score_version),
+    optInt(pre.reputation_feature_window_start_unix, u64le),
+    optStr(pre.reputation_data_quality),
+  ]);
+}
 
 function payer32(payer) {
   try { const raw = b58decode(payer); if (raw.length === 32) return raw; } catch (_) {}
@@ -51,12 +74,19 @@ function anchor32(tx) {
 }
 
 function recomputeLeaf(pre) {
+  // Use the exact domain the receipt carries. V6 binds reputation_* into the leaf
+  // (V5 left them unsigned/forgeable); a V6 receipt verified with V5 rules would
+  // fail on a legitimate receipt, so the block is appended whenever domain is _V6.
   const dom = String(pre.domain || '').toUpperCase();
+  const isV6 = dom.includes('_V6');
   const isAttention = dom.includes('ATTENTION');
-  const domain = Buffer.from(isAttention ? 'TWZRD:AO_ATTENTION_RECEIPT_V5' : 'TWZRD:AO_REPUTATION_RECEIPT_V5', 'ascii');
+  const domainStr = isAttention
+    ? (isV6 ? 'TWZRD:AO_ATTENTION_RECEIPT_V6' : 'TWZRD:AO_ATTENTION_RECEIPT_V5')
+    : (isV6 ? 'TWZRD:AO_REPUTATION_RECEIPT_V6' : 'TWZRD:AO_REPUTATION_RECEIPT_V5');
+  const domain = Buffer.from(domainStr, 'ascii');
   const score = isAttention ? (pre.attention_score || 0) : (pre.score || 0);
   const agent = Buffer.from(pre.agent_id, 'utf8');
-  const msg = Buffer.concat([
+  const parts = [
     domain,
     u16le(agent.length), agent,
     u16le(score),
@@ -64,8 +94,9 @@ function recomputeLeaf(pre) {
     u64le(pre.timestamp_unix),
     payer32(pre.payer),
     anchor32(pre.settlement_tx || pre.settlement_anchor),
-  ]);
-  return Buffer.from(keccak256.arrayBuffer(msg));
+  ];
+  if (isV6) parts.push(encodeReputationBlockV6(pre));
+  return Buffer.from(keccak256.arrayBuffer(Buffer.concat(parts)));
 }
 
 function fetchPublishedPubkey(baseUrl) {
@@ -220,9 +251,4 @@ key source: ${DEFAULT_BASE_URL}/.well-known/x402`;
   process.exit(ok ? 0 : 1);
 }
 
-// Run the CLI only when invoked directly; stay importable for tests.
-if (require.main === module) {
-  main().catch((e) => { console.error('error:', e.message); process.exit(1); });
-}
-
-module.exports = { verify, recomputeLeaf, b58decode, payer32, anchor32 };
+main().catch((e) => { console.error('error:', e.message); process.exit(1); });